I have heard good things about dyndns.com. Does anyone have good experience using a specific service?

I have users that work from home, and when they connect to certain servers all I get in my SonicWall reports are their dynamic IP addresses, which don't really tell me who is utilizing our resources. I want to be able to know that anyone connecting to resources should be doing so. I need one that is dead simple for the end user to set up, as I am thinking of creating a policy that no one can work from home or from a laptop without having a static IP, so that I can further lock out unwanted traffic and hold people accountable.

dyndns is great. But it won't do what you want it to do unless you can block things out by host name and not IP.

All a dynamic DNS service does is resolve a host name such as name.dyndns.org to a dynamic IP. The point of it then is that if I'm at work and want to get to my home computer, I don't need to know what the current ISP-assigned IP is; I just point whatever I'm doing to name.dyndns.org.

You typically set it up if you want to run a webserver from home or if you VPN into your home machine a lot, things like that. You set up a dyndns and just go to the hostname that doesn't change, then dyndns redirects to your current IP.

So if smoothwall can filter by hostnames then it'll work for you. Otherwise it won't because the home users won't get a static IP.
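An added example, not part of any post in this thread: because a dynamic DNS name only tells you where a host points right now, attributing firewall log entries to users means recording each registered hostname's resolution over time and matching log timestamps against that record. The registry, hostnames, addresses and the `EPOCH SRC_IP DST:PORT` log format below are constructed assumptions.

```python
import socket
from bisect import bisect_right

# Constructed registry: user -> dynamic DNS hostname they registered (hypothetical names).
REGISTRY = {"alice": "alice-home.ddns.example", "bob": "bob-home.ddns.example"}

def resolve(hostname):
    """Live forward lookup: the set of IPv4 addresses the hostname points to now."""
    try:
        return set(socket.gethostbyname_ex(hostname)[2])
    except OSError:
        return set()

class ResolutionHistory:
    """Timestamped snapshots of which registered user(s) each IP belonged to."""
    def __init__(self):
        self._times = []      # poll times (epoch seconds), ascending
        self._snapshots = []  # parallel list of {ip: set(users)}

    def poll(self, now, registry, resolver=resolve):
        snap = {}
        for user, host in registry.items():
            for ip in resolver(host):
                snap.setdefault(ip, set()).add(user)
        self._times.append(now)
        self._snapshots.append(snap)

    def attribute(self, ip, when, max_age=900):
        """Users whose hostname resolved to ip at the last poll at or before
        `when`; empty if that poll is older than max_age seconds or absent."""
        i = bisect_right(self._times, when) - 1
        if i < 0 or when - self._times[i] > max_age:
            return []
        return sorted(self._snapshots[i].get(ip, ()))

def annotate(log_lines, history):
    """Parse constructed lines 'EPOCH SRC_IP DST:PORT' into (time, src, users)."""
    rows = []
    for line in log_lines:
        ts, src, _dst = line.split()
        rows.append((int(ts), src, history.attribute(src, int(ts))))
    return rows

if __name__ == "__main__":
    answers = {"alice-home.ddns.example": {"203.0.113.10"}}  # constructed DNS answers
    hist = ResolutionHistory()
    hist.poll(1000, REGISTRY, lambda h: answers.get(h, set()))
    answers["alice-home.ddns.example"] = {"203.0.113.55"}     # ISP handed out a new IP
    hist.poll(1600, REGISTRY, lambda h: answers.get(h, set()))
    for row in annotate(["1200 203.0.113.10 10.0.0.5:443", "1700 203.0.113.10 10.0.0.5:25"], hist):
        print(row)
```

The second log line comes back unattributed because the address no longer belongs to any registered hostname at that time, which is the case a lookup done only at report time would get wrong.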

For this specific purpose I don't really want to set up a VPN if I don't have to. The resources in question are actually Exchange via SMTP and a database program that connects through an https address. Our bank has a lot of policies already about the clients on VPNs, and I want this to be secure but with an adequate level of accessibility and ease of management. I want to be able to tell users that if they are going to access those two things (and possibly more down the line), they have to go out on their own and register some service (an approved one), and then I will make an exception in my Cisco ASA 5510 to allow them those types of traffic into those servers.

You are setting this up for a bank? Don't you have a whole list of regulatory procedures you have to follow for anything accessing the network? I'm confused. I've had a very small touch of dealing with banking security and anything I've been exposed to is extremely documented and has lists of procedures and best practices that must be followed.

It is for a financial institution that is a subsidiary of a bank, but our business is quite removed from the business of the controlling bank. Yes, we are regulated by the OCC. So far things have been okay with the audits, but I do not want to just get by. I want to excel, and that is why I am looking for some sort of a solution like this.

Have you considered setting up an ISA server to protect SMTP/HTTPS? Not exactly cheap but if you have an Active Directory you can have them authenticate with the ISA.
Also, I'm not 100% clear on your layout. Are the servers behind the SonicWall or the ASA?

It is all coming down to what The Groffer said. I am needing something to show the RDNS of people connecting instead of having a DNS resolve to a client. I am just trying to find the best grounds between locked down completely and accessibility. I think I am just going to have to push to have it more locked down.
